CVE-2023-6063

HIGH NUCLEI

WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)

Title source: metasploit

Description

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Exploits (6)

nomisec WORKING POC 29 stars
by motikan2010 · poc
https://github.com/motikan2010/CVE-2023-6063-PoC
nomisec WORKING POC 9 stars
by Eulex0x · poc
https://github.com/Eulex0x/CVE-2023-6063
nomisec WORKING POC 1 stars
by incommatose · poc
https://github.com/incommatose/CVE-2023-6063-PoC
nomisec WRITEUP
by hackersroot · poc
https://github.com/hackersroot/CVE-2023-6063-PoC
inthewild WORKING POC
poc
https://github.com/thesafdari/cve-2023-6063
metasploit WORKING POC
by Valentin Lobstein, Julien Voisin, Alex Sanford · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_fastest_cache_sqli.rb

Nuclei Templates (1)

WP Fastest Cache 1.2.2 - SQL Injection
HIGH · by DhiyaneshDK
Shodan: http.html:/wp-content/plugins/wp-fastest-cache/
FOFA: body=/wp-content/plugins/wp-fastest-cache/

Scores

CVSS v3 7.5
EPSS 0.9187
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
wpfastestcache/wp_fastest_cache < 1.2.2
Published Dec 04, 2023
Tracked Since Feb 18, 2026